#!/usr/bin/python
# -*- coding: utf-8 -*-
"""
ESiPC LDAP Package

 ExpertSoftware Inc Python Common
"""

__author__ = "K.Sonohara"
__status__ = "develop"
__version__ = "0.0.0_1"
__date__    = "2013/05/05"
__license__ = 'LGPL'

# ------------------------------------------------------------
## Import Section
# ------------------------------------------------------------
# Python
import sys

# LDAP
import ldap
import ldap.modlist as modlist

# ESiPC
from esipc import AbstractESiPC, ESIPC
from esipc.resource.iniresource import ESiPCINIFileResourceBundle

# ------------------------------------------------------------
## Variable Section
# ------------------------------------------------------------

# ------------------------------------------------------------
## ESiPC LDAP Constant
class ESIPC_LDAP(ESIPC):
	pass

# ------------------------------------------------------------
## Function Section
# ------------------------------------------------------------

# ------------------------------------------------------------
def connect_ldap(url, basedn, user, password):
	ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
	ldap.set_option(ldap.OPT_REFERRALS, 0)

	l = ldap.initialize(url)
	l.protocol_version = ldap.VERSION3

	l.set_option(ldap.OPT_REFERRALS, 0)
	l.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
	l.set_option(ldap.OPT_X_TLS,ldap.OPT_X_TLS_DEMAND)
	l.set_option( ldap.OPT_X_TLS_DEMAND, True )
	l.set_option( ldap.OPT_DEBUG_LEVEL, 255 )

	l.simple_bind_s(user, password)

	return l

# ------------------------------------------------------------
def users_ldap(url, basedn, user, password, userid="*"):
	l = connect_ldap(url, basedn, user, password)

	filters = "(sAMAccountName=%s)" % userid
	results = l.search_s("CN=Users," + basedn, ldap.SCOPE_SUBTREE, filters)
	l.unbind_s()
	return results

# ------------------------------------------------------------
def user_ldap(url, basedn, user, password, userid="*"):
	results = users_ldap(url, basedn, user, password, userid)
	for dn,entry in results:
		return entry

# ------------------------------------------------------------
def user_ldap_dn(url, basedn, user, password, userid="*"):
	results = users_ldap(url, basedn, user, password, userid)
	for dn,entry in results:
		return dn

def unicode_ldap_password(plainpasswd):
	return ('"%s"' % plainpasswd).encode("utf-16le")

# ------------------------------------------------------------
def password_ldap(url, basedn, user, password, userdn, oldpassword, newpassword):
	unipass = unicode_ldap_password(newpassword)
	oldunipass = unicode_ldap_password(oldpassword)

	l = connect_ldap(url, basedn, user, password)

	try:
		mod_attrs = [(ldap.MOD_DELETE|ldap.MOD_BVALUES, 'unicodePwd', oldunipass)] + [(ldap.MOD_ADD|ldap.MOD_BVALUES,'unicodePwd',unipass)]
		#mod_attrs = [(ldap.MOD_REPLACE, 'unicodePwd', newpassword)]
		l.modify_s(userdn, mod_attrs)
	finally:
		l.unbind_s()

# ------------------------------------------------------------
## Class Section
# ------------------------------------------------------------

# ------------------------------------------------------------
## Main Section
# ------------------------------------------------------------
## Main
if __name__ == '__main__':
	pass

# ------------------------------------------------------------
